Today, June 18th 2013, John White and BESE are meeting to try and persuade the public of the need for participating with external Cloud Based vendors like Ed-Fi and inBloom. At the last BESE meeting (several months ago) White promised to released a copy of the MOU/agreement between LDOE and inBloom. To date John White has not released this document, even in response to several Freedom of Information Act requests filed by Tom Aswell at Louisiana Voice and BESE member Lottie Beebe. Demand to see that MOU (Memorandum of Understanding) before they leave today or move on to another topic. If they report no such document exists I recommend appealing to the DA to file charges against White for a million cases of Identity Theft.
Below is a cheatsheet of relevant questions to ask any DOE stooge who tries to deliver a presentation on how wonderful inBloom and data Clouds are:
(FYI – Chas and White may try to spin bus routes as an example of a non-educational use of data, but don’t let them.)
- Why is DOE sharing actual name dob and SSN instead of just the de-identified GUID built internally for the LEDRS project and used currently for accountability scores, dropout counts, COMPASS/VAM grad index, etc.
- What assurances do parents and districts have that once the state enters into this contract with directory data, that more/all data won’t be shared?
- What assurances do we have vendors won’t change their terms, just like Apple does every day, and allow this data to be shared for non-educational purposes since USED has ruled this OK?
- Where will the 3-5 dollar fee paying for this storage come from? (This is supposed to be charged to states in 2014 or 2015 and on an annual basis thereafter.) (5 dollars times 700,000 children is a minimum of 3.5 million dollars per year or the cost of the entire internally built data warehouse that DOE has already built with Federal tax dollars.)
- Where will the student data end up after students graduate? What is the disposal policy?
- Will parents be allowed to opt out? How do they to that in an orderly verifiable fashion?
- Why is the state insisting on doing this rather than allowing districts the choice?
- How many other vendors than just inBloom are involved and what are their roles? (we already have info on Ed-Fi, Alvarez Group, Amplify, Course Choice, Celt, Wireless Generation. Where are their contracts?)
- Will the state always be sending this data or will districts be expected to send data eventually?
- Who gets the reports and how much do they cost?
- What other fees are associated with this plan and who pays them (MFP?) Or DOE budget?
- If inBloom is not responsible for accidental exposures, misuse or hacked data, who is and what recourse do parents have? (New York has stated they are responsible, which would mean Louisiana and Louisiana taxpayers.)
- How can parents/students get records of everything contained/stored on them and request corrections or deletions? (IF this is just directory information, this should not be a problem.)
- Exactly which person, board or other made the decision to share student data without parental consent with an outside entity? Does this person understand technology enough to appreciate the risks and are they willing to be personally responsible for misuse and exposures?
- Does this person, board, or other also have the authority to restrict student data sharing?
- Was the public ever notified that the approximately 4 million dollar state-of-the-art LEDRS database( paid for with their tax money) was dismantled to be replaced by another data base (Gates)? Who made this decision?
- Will parents receive free copies of the information and/or be able to view the information for free that InBloom and possibly others intend to store, share, sell. How often will parents be updated on the data of their children as it continues to accumulate?
- Who is going to pay for any anxiety/and or psychological repercussions that children may incur after realizing that information (which may be unflattering/ embarrassing/or even erroneous ) is now available for scrutiny; i.e. psychiatric or psychological treatment?
- Is Race and/or Religion included in the collected Data. If so WHY and for WHAT PURPOSE? What other non-academic information (photographs, social security numbers, addresses, phone numbers, teacher comments, etc.) is included and why?
- Should any suicide of children occur over unflattering or mistaken data attached to their name, who are we to hold responsible?
- Should any abductions/molestations, rape, etc. of children be facilitated as an unintended consequence of release of this data (i.e. pictures, addresses, phone numbers ,etc. who is going to be held accountable, both criminally and civilly?
So concerns and questions related just to clouds and this project:
Most IT pros do not trust cloud services with sensitive data. (There’s a reason banks don’t conduct financial transactions using cloud computing and the military doesn’t store top secret weapons designs on something called CloudNuke.)
Some 86% of those polled by